2.2.10 [W3C-P3P1.0] Section 4.1, Referencing compact policies
The specification states:
compact-policy-field = `CP="` compact-policy `"` compact-policy = compact-token *(" " compact-token) compact-token = compact-access | compact-disputes | compact-remedies | compact-non-identifiable | compact-purpose | compact-recipient | compact-retention | compact-categories | compact-test
All Document Modes (All Versions)
Users can define and import a custom privacy preference file that controls how both first-party and third-party cookies should be treated. For more information, see http://msdn.microsoft.com/en-us/library/ms537344(VS.85).aspx.
Users can specify any of the following operations for a cookie from a site (either first-party cookies or third-party cookies; with or without a compact P3P policy):
Prompt: Prompts the user for consent.
forceFirstParty: Leash cookies so that they are sent only in a first-party context.
forceSession: Convert persistent cookies to session cookies.
The custom privacy file also allows users to define separate behaviors for first-party cookies and third-party cookies.
The custom privacy file supports rules (with actions) for each token on the compact P3P header. The action can be one of the operations in the previous list.
<firstParty noPolicyDefault="accept" noRuleDefault="forceSession" alwaysAllowSession="no">
<if expr="DSP" action="prompt"></if>
Therefore, the following compact policy tokens are supported:
CURa, CURi, CURo
ADMa, ADMi, ADMo
DEVa, DEVi, DEVo
CUSa, CUSi, CUSo
TAIa, TAIi, TAIo
PSAa, PSAi, PSAo
PSDa, PSDi, PSDo
IVAa, IVAi, IVAo
IVDa, IVDi, IVDo
CONa, CONi, CONo
HISa, HISi, HISo
TELa, TELi, TELo
OTPa, OTPi, OTPo
OURa, OURi, OURo
DELa, DELi, DELo
SAMa, SAMi, SAMo
OTRa, OTRi, OTRo
UNRa, UNRi, UNRo
PUBa, PUBi, PUBo
Retention: NOR, STP, LEG, BUS, IND
PHY, ONL, UNI, PUR, FIN, COM, NAV, INT
DEM, CNT, STA, POL, HEA, PRE, GOV, OTC
Disputes Section: DSP
Access: NOI, ALL, CAO, IDC, OTI, NON
Dispute Resolution: COR, MON, LAW
TST:Token for indicating that a policy is test-version: TST